Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.5

    LOW
    CVE-2016-3321

    Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet ... Read more

    Affected Products : internet_explorer
    • EPSS Score: %29.81
    • Published: Aug. 09, 2016
    • Modified: Apr. 12, 2025

  • 2.5

    LOW
    CVE-2017-1144

    IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033.... Read more

    • EPSS Score: %0.06
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 2.5

    LOW
    CVE-2024-42185

    BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks. This allows an attacker to exploit this vulnerability by injecting malicious XML content, which can lead to various issues including denial ... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Injection

  • 2.5

    LOW
    CVE-2025-32408

    In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled.... Read more

    Affected Products : iam
    • Published: Apr. 21, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 2.5

    LOW
    CVE-2024-58251

    In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.... Read more

    Affected Products : busybox
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 2.5

    LOW
    CVE-2020-8912

    A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them ... Read more

    Affected Products : aws_s3_crypto_sdk
    • EPSS Score: %0.14
    • Published: Aug. 11, 2020
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2016-7960

    Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.... Read more

    Affected Products : simatic_step_7
    • EPSS Score: %0.09
    • Published: Oct. 13, 2016
    • Modified: Apr. 12, 2025

  • 2.5

    LOW
    CVE-2016-6450

    A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are runn... Read more

    Affected Products : ios_xe ios_xe
    • EPSS Score: %0.06
    • Published: Nov. 19, 2016
    • Modified: Apr. 12, 2025

  • 2.5

    LOW
    CVE-2024-9203

    A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack h... Read more

    Affected Products :
    • Published: Sep. 26, 2024
    • Modified: Sep. 30, 2024

  • 2.5

    LOW
    CVE-2024-42183

    BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Path Traversal

  • 2.5

    LOW
    CVE-2024-42182

    BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Server-Side Request Forgery

  • 2.5

    LOW
    CVE-2015-7435

    IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local... Read more

    Affected Products : tivoli_common_reporting
    • EPSS Score: %0.05
    • Published: Jan. 02, 2016
    • Modified: Apr. 12, 2025

  • 2.5

    LOW
    CVE-2025-9383

    A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. T... Read more

    Affected Products :
    • Published: Aug. 24, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cryptography

  • 2.5

    LOW
    CVE-2019-8757

    A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to sha... Read more

    Affected Products : macos mac_os_x
    • EPSS Score: %0.10
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2025-23290

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnerability might lead to information disclosure.... Read more

    Affected Products :
    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure

  • 2.5

    LOW
    CVE-2021-25335

    Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition.... Read more

    Affected Products : android dex one_ui
    • EPSS Score: %0.05
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2020-8013

    A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously ... Read more

    Affected Products : leap linux_enterprise_server
    • EPSS Score: %0.06
    • Published: Mar. 02, 2020
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2019-11191

    The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, ... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.00
    • Published: Apr. 12, 2019
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2021-29948

    Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10.... Read more

    Affected Products : thunderbird
    • EPSS Score: %0.07
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2024-21164

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure wh... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 16, 2024
    • Modified: Mar. 18, 2025
Showing 20 of 292720 Results